Computer Science > Cryptography and Security

Abstract: The popularity of mobile device has made people's lives more convenient, but
threatened people's privacy at the same time. As end users are becoming more
and more concerned on the protection of their private information, it is even
harder to track a specific user using conventional technologies. For example,
cookies might be cleared by users regularly. Apple has stopped apps accessing
UDIDs, and Android phones use some special permission to protect IMEI code. To
address this challenge, some recent studies have worked on tracing smart phones
using the hardware features resulted from the imperfect manufacturing process.
These works have demonstrated that different devices can be differentiated to
each other. However, it still has a long way to go in order to replace cookie
and be deployed in real world scenarios, especially in terms of properties like
uniqueness, robustness, etc. In this paper, we presented a novel method to
generate stable and unique device ID stealthy for smartphones by exploiting the
frequency response of the speaker. With carefully selected audio frequencies
and special sound wave patterns, we can reduce the impacts of non-linear
effects and noises, and keep our feature extraction process un-noticeable to
users. The extracted feature is not only very stable for a given smart phone
speaker, but also unique to that phone. The feature contains rich information
that is equivalent to around 40 bits of entropy, which is enough to identify
billions of different smart phones of the same model. We have built a prototype
to evaluate our method, and the results show that the generated device ID can
be used as a replacement of cookie.